cheatsheet-generator

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted external data.
  • Ingestion points: Text and image extraction from user-provided course materials (PDF, PPTX, MD, Images) in Phase 2 of SKILL.md.
  • Boundary markers: The instructions do not define boundary markers or include directives to the agent to ignore instructions embedded within the processed materials.
  • Capability inventory: The skill has access to tools including Bash, Write, and Edit, and uses subprocess to execute system commands.
  • Sanitization: Extracted content is not sanitized or validated before being incorporated into the agent's context and the final LaTeX output.
  • [COMMAND_EXECUTION]: The skill performs command execution using system binaries and Python scripts.
  • Evidence: scripts/editor_server.py utilizes subprocess.run to invoke latexmk and pdftoppm for compiling LaTeX and generating previews.
  • Evidence: SKILL.md defines several Python snippets executed via the Bash tool for parsing material files. These snippets interpolate file paths directly into command strings, which presents a risk if filenames contain shell metacharacters.
  • Risk: Malicious content within course materials could potentially influence the LaTeX generation to include dangerous commands (LaTeX injection), although the risk is mitigated by the lack of -shell-escape in the compilation command.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 12, 2026, 03:48 AM